summaryrefslogtreecommitdiff
path: root/anytun.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'anytun.cpp')
-rw-r--r--anytun.cpp104
1 files changed, 36 insertions, 68 deletions
diff --git a/anytun.cpp b/anytun.cpp
index 5aab904..e679281 100644
--- a/anytun.cpp
+++ b/anytun.cpp
@@ -31,7 +31,7 @@
#include <iostream>
#include <poll.h>
-#include <gcrypt.h> // for thread safe libgcrypt initialisation
+#include <gcrypt.h>
#include <cerrno> // for ENOMEM
#include "datatypes.h"
@@ -53,6 +53,9 @@
#include "seqWindow.h"
#include "connectionList.h"
+#include "mpi.h" // TODO: remove after debug
+
+
#include "syncQueue.h"
#include "syncSocketHandler.h"
#include "syncListenSocket.h"
@@ -66,9 +69,11 @@
#define PAYLOAD_TYPE_TAP 0x6558
#define PAYLOAD_TYPE_TUN 0x0800
-#define SESSION_KEYLEN_AUTH 20
-#define SESSION_KEYLEN_ENCR 16
-#define SESSION_KEYLEN_SALT 14
+#define MAX_PACKET_LENGTH 1600
+
+#define SESSION_KEYLEN_AUTH 20 // TODO: hardcoded size
+#define SESSION_KEYLEN_ENCR 16 // TODO: hardcoded size
+#define SESSION_KEYLEN_SALT 14 // TODO: hardcoded size
void createConnection(const std::string & remote_host, u_int16_t remote_port, ConnectionList & cl, u_int16_t seqSize, SyncQueue & queue)
{
@@ -128,32 +133,30 @@ void* sender(void* p)
std::auto_ptr<Cipher> c(CipherFactory::create(param->opt.getCipher()));
// std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(param->opt.getAuthAlgo()) );
- PlainPacket plain_packet(1600); // TODO: fix me... mtu size
- EncryptedPacket packet(1600);
+ PlainPacket plain_packet(MAX_PACKET_LENGTH);
+ EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH);
- // TODO: hardcoded keySize!!!
- Buffer session_key(SESSION_KEYLEN_ENCR);
- Buffer session_salt(SESSION_KEYLEN_SALT);
- Buffer session_auth_key(SESSION_KEYLEN_AUTH);
+ Buffer session_key(u_int32_t(SESSION_KEYLEN_ENCR)); // TODO: hardcoded size
+ Buffer session_salt(u_int32_t(SESSION_KEYLEN_SALT)); // TODO: hardcoded size
+ Buffer session_auth_key(u_int32_t(SESSION_KEYLEN_AUTH)); // TODO: hardcoded size
//TODO replace mux
u_int16_t mux = 0;
while(1)
{
- plain_packet.setLength( plain_packet.getMaxLength()); // Q@NINE wtf???
-
// read packet from device
u_int32_t len = param->dev.read(plain_packet);
plain_packet.setLength(len);
- packet.setLength( len );
- if( param->cl.empty())
+
+ if(param->cl.empty())
continue;
- ConnectionMap::iterator cit = param->cl.getConnection(mux);
+
+ ConnectionMap::iterator cit = param->cl.getConnection(mux);
if(cit==param->cl.getEnd())
continue;
ConnectionParam & conn = cit->second;
- // add payload type
+ // set payload type
if(param->dev.getType() == TunDevice::TYPE_TUN)
plain_packet.setPayloadType(PAYLOAD_TYPE_TUN);
else if(param->dev.getType() == TunDevice::TYPE_TAP)
@@ -168,16 +171,16 @@ void* sender(void* p)
c->setSalt(session_salt);
// encrypt packet
- c->encrypt(plain_packet, packet, conn.seq_nr_, param->opt.getSenderId());
+ c->encrypt(plain_packet, encrypted_packet, conn.seq_nr_, param->opt.getSenderId());
- packet.setHeader(conn.seq_nr_, param->opt.getSenderId(), mux);
+ encrypted_packet.setHeader(conn.seq_nr_, param->opt.getSenderId(), mux);
conn.seq_nr_++;
// TODO: activate authentication
-// conn.kd_.generate(LABEL_SATP_MSG_AUTH, packet.getSeqNr(), session_auth_key);
+// conn.kd_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
// a->setKey(session_auth_key);
-// addPacketAuthTag(packet, a.get(), conn);
- param->src.send(packet, conn.remote_host_, conn.remote_port_);
+// addPacketAuthTag(encrypted_packet, a.get(), conn);
+ param->src.send(encrypted_packet, conn.remote_host_, conn.remote_port_);
}
pthread_exit(NULL);
}
@@ -223,30 +226,26 @@ void* receiver(void* p)
std::auto_ptr<Cipher> c( CipherFactory::create(param->opt.getCipher()) );
// std::auto_ptr<AuthAlgo> a( AuthAlgoFactory::create(param->opt.getAuthAlgo()) );
- EncryptedPacket packet(1600); // TODO: dynamic mtu size
+ EncryptedPacket encrypted_packet(1600); // TODO: dynamic mtu size
PlainPacket plain_packet(1600);
- // TODO: hardcoded keysize!!!
- Buffer session_key(SESSION_KEYLEN_SALT);
- Buffer session_salt(SESSION_KEYLEN_SALT);
- Buffer session_auth_key(SESSION_KEYLEN_AUTH);
+ Buffer session_key(u_int32_t(SESSION_KEYLEN_ENCR)); // TODO: hardcoded size
+ Buffer session_salt(u_int32_t(SESSION_KEYLEN_SALT)); // TODO: hardcoded size
+ Buffer session_auth_key(u_int32_t(SESSION_KEYLEN_AUTH)); // TODO: hardcoded size
while(1)
{
string remote_host;
u_int16_t remote_port;
- packet.setLength( packet.getMaxLength() ); // Q@NINE wtf???
- plain_packet.setLength( plain_packet.getMaxLength() ); // Q@NINE wtf???
- // u_int16_t sid = 0, seq = 0;
// read packet from socket
- u_int32_t len = param->src.recv(packet, remote_host, remote_port);
- packet.setLength(len);
+ u_int32_t len = param->src.recv(encrypted_packet, remote_host, remote_port);
+ encrypted_packet.setLength(len);
// TODO: check auth tag first
-// conn.kd_.generate(LABEL_SATP_MSG_AUTH, packet.getSeqNr(), session_auth_key);
+// conn.kd_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
// a->setKey( session_auth_key );
-// if(!checkPacketAuthTag(packet, a.get(), conn))
+// if(!checkPacketAuthTag(encrypted_packet, a.get(), conn))
// continue;
@@ -272,17 +271,17 @@ void* receiver(void* p)
}
// Replay Protection
- if (!checkPacketSeqNr(packet, conn))
+ if (!checkPacketSeqNr(encrypted_packet, conn))
continue;
// generate packet-key
- conn.kd_.generate(LABEL_SATP_ENCRYPTION, packet.getSeqNr(), session_key);
- conn.kd_.generate(LABEL_SATP_SALT, packet.getSeqNr(), session_salt);
+ conn.kd_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key);
+ conn.kd_.generate(LABEL_SATP_SALT, encrypted_packet.getSeqNr(), session_salt);
c->setKey(session_key);
c->setSalt(session_salt);
// decrypt packet
- c->decrypt(packet, plain_packet);
+ c->decrypt(encrypted_packet, plain_packet);
// check payload_type
if((param->dev.getType() == TunDevice::TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN) ||
@@ -341,37 +340,6 @@ bool initLibGCrypt()
int main(int argc, char* argv[])
{
-// // this must be called before any other libgcrypt call
-// if(!initLibGCrypt())
-// return -1;
-
-// u_int8_t KEY[] = {0xE1,0xF9,0x7A,0x0D,0x3E,0x01,0x8B,0xE0,0xD6,0x4F,0xA3,0x2C,0x06,0xDE,0x41,0x39};
-// u_int8_t SALT[] = {0x0E,0xC6,0x75,0xAD,0x49,0x8A,0xFE,0xEB,0xB6,0x96,0x0B,0x3A,0xAB,0xE6};
-// Buffer master_key(KEY, 16);
-// Buffer master_salt(SALT, 14);
-// std::cout << "master key: " << std::endl << master_key.getHexDump() << std::endl;
-// std::cout << "master salt: " << std::endl << master_salt.getHexDump() << std::endl;
-// std::cout << std::endl;
-// KeyDerivation kd;
-// kd.init(master_key, master_salt);
-
-// Buffer key(16);
-// kd.generate(LABEL_SATP_ENCRYPTION, 0, key);
-// std::cout << "key: " << std::endl << key.getHexDump() << std::endl;
-
-// Buffer salt(14);
-// kd.generate(LABEL_SATP_SALT, 0, salt);
-// std::cout << "salt: " << std::endl << salt.getHexDump() << std::endl;
-
-// Buffer auth(14);
-// kd.generate(LABEL_SATP_MSG_AUTH, 0, auth);
-// std::cout << "auth: " << std::endl << auth.getHexDump() << std::endl;
-
-
-// exit(0);
-
-// // *++++++++++++++++++ end of kd test
-
std::cout << "anytun - secure anycast tunneling protocol" << std::endl;
Options opt;
if(!opt.parse(argc, argv))